Enhancing User Safety: The Role of Wallets in Verifying Contract Legitimacy

@everyone

As we develop our platform, ensuring user safety and preventing scams is our top priority. Currently, our admin private seed phrase vets fungible tokens that interact with our contract, preventing scam FT contracts from entering our system. Importantly, no private seed phrase ever controls user funds, so even if our admin seed phrase were compromised, user funds would remain secure.

We are working towards releasing immutable contracts and decentralizing the admin vetting of FT tokens to make potential attacks more difficult.

To protect yourself:

  1. Always use trusted UIs and verify the URL.
  2. When accepting a contract call in your wallet, ensure post conditions prevent your wallet from being drained.
  3. Verify the contract address, including the SP address and contract name.
  4. If the contract has an admin, ensure its power is decentralized, ideally controlled by a DAO.

@werner.btc suggested that wallets could recognize well-known contracts and warn users when interacting with unrecognized contracts. This could be enhanced by displaying information like “5 of your friends and 1000 other users used this contract, transferring 1M STX,” providing users with additional context and confidence.

We hope this educational post on smart contract risks and the importance of wallet functionality in verifying contract legitimacy has been helpful. Let’s work together to swap safely and keep scammers away.

3 Likes
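The wallet-side checks sketched above (recognize the contract, verify the SP address and contract name, make sure post conditions bound what can leave the wallet), written out as an added JavaScript example that is not code from the original post or from any wallet. The addresses, contract names, the condition-code spellings and the allowlist are constructed, and the principal test is a shape check only (no c32check checksum).

```javascript
// Shape check only: 'S' + version char + c32 body (the c32 alphabet omits I, L, O, U).
// The c32check checksum is deliberately not verified in this example.
const PRINCIPAL_RE = /^S[PMTN][0-9A-HJKMNP-TV-Z]+$/;
// Clarity contract name: letter first, then letters, digits, '-' or '_' (assumed rule).
const CONTRACT_NAME_RE = /^[a-zA-Z][a-zA-Z0-9_-]{0,39}$/;

// Split "SP....contract-name" into address and name, or return null if malformed.
function parseContractId(id) {
  const dot = id.indexOf('.');
  if (dot < 0) return null;
  const address = id.slice(0, dot), name = id.slice(dot + 1);
  if (!PRINCIPAL_RE.test(address) || !CONTRACT_NAME_RE.test(name)) return null;
  return { address, name };
}

// Upper bound on what the sender can lose in one asset under the given post conditions.
// Returns Infinity when no condition bounds the outflow (gt/ge codes only set a floor).
function maxOutflow(postConditions, sender, asset) {
  let bound = Infinity;
  for (const pc of postConditions) {
    if (pc.principal !== sender || pc.asset !== asset) continue;
    if (pc.code === 'sent-eq' || pc.code === 'sent-le') bound = Math.min(bound, pc.amount);
    else if (pc.code === 'sent-lt') bound = Math.min(bound, pc.amount - 1);
  }
  return bound;
}

// What a cautious wallet would check before asking the user to sign a contract call.
function reviewContractCall(request, knownContracts) {
  const warnings = [];
  if (!parseContractId(request.contractId)) warnings.push('malformed contract identifier');
  else if (!knownContracts.has(request.contractId)) warnings.push('unrecognized contract');
  if (request.postConditionMode !== 'deny') warnings.push('post-condition mode is not deny');
  const bounds = {};
  for (const asset of request.assetsHeld) {
    bounds[asset] = maxOutflow(request.postConditions, request.sender, asset);
    if (bounds[asset] === Infinity) warnings.push(`nothing bounds outflow of ${asset}`);
  }
  const info = knownContracts.get(request.contractId) || null; // "5 friends, 1000 users" context
  return { safe: warnings.length === 0, warnings, bounds, info };
}

// Constructed sample: one recognized contract, a sender holding STX and one FT, and a
// request whose single post condition caps STX spend but leaves the FT unbounded.
const SWAP = 'SP3FKN0G4Z2T8WZ5Y0NDX7C2JQMT9E5WPZ2H4VZ6R.swap-v1';
const SENDER = 'SP2K7Q9HXYN4VDT6W8CZ3JMG5RE2YPFB9XZ1T0A4N';
const KNOWN_CONTRACTS = new Map([[SWAP, { friends: 5, users: 1000, stxMoved: 1000000 }]]);
const SAMPLE_REQUEST = {
  sender: SENDER, contractId: SWAP, postConditionMode: 'deny',
  assetsHeld: ['STX', 'SP3FKN0G4Z2T8WZ5Y0NDX7C2JQMT9E5WPZ2H4VZ6R.token-a'],
  postConditions: [{ principal: SENDER, asset: 'STX', code: 'sent-le', amount: 1000000 }],
};
```

Running `reviewContractCall(SAMPLE_REQUEST, KNOWN_CONTRACTS)` flags the sample as unsafe for exactly one reason: the FT balance is not covered by any post condition, even though the contract is recognized and STX spend is capped.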

An AI system that recognizes contracts, warns about unfamiliar ones, and displays user stats (e.g., “5 friends and 1000 users transferred 1M STX”) to provide context and build confidence would be a valuable addition. @radiclear

2 Likes

Sounds like a great use case for AI agents adding value to the Stacks blockchain; we should discuss it in the Bitcoin AI X working group meeting (cc @whoabuddy)?

2 Likes